Re: [Samba] Getting user list for each group
Hello Oguz, Perhaps you can use a tool specific to your user/group back-end. For LDAP there is ldapsearch, for the default Samba back-end there is pdbedit. Regarding your authentication question, I have little experience in using Squid as a (regular) proxy. I do however have experience with NTLM + Apache, and it has always been slow and slightly unreliable. An alternative is Kerberos. Dependent on your network setup it can be somewhat complex to configure, but once you've got it working it performs really well. Best regards, Gerben -Original Message- From: samba-boun...@lists.samba.org on behalf of Oguz Yilmaz Sent: Sat 13-10-2012 10:14 To: samba@lists.samba.org Subject: [Samba] Getting user list for each group I use Winbind auth for squid-dansguardian ntlm authentication purpose. I need matching users/group for filtering in squid/dansguardian. getent group is used for finding users for groups except for group Domain Users. getent passwd is used for finding all users and specifically users for group Domain Users (over group ID). This requires enumeration option(winbind enum users, winbind enum groups) enabled in smb.conf. For thousands of users this may block many system functions puts wait even for tcpdump and ssh logins. So, I want to disable enum options end stop using getent. Are there any way to get user list for each group with wbinfo or any other other tools? What may be the best practice for the aim in paragraph 1? Thank you and Best Regards, -- Oguz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Getting user list for each group
I use Winbind auth for squid-dansguardian ntlm authentication purpose. I need matching users/group for filtering in squid/dansguardian. getent group is used for finding users for groups except for group Domain Users. getent passwd is used for finding all users and specifically users for group Domain Users (over group ID). This requires enumeration option(winbind enum users, winbind enum groups) enabled in smb.conf. For thousands of users this may block many system functions puts wait even for tcpdump and ssh logins. So, I want to disable enum options end stop using getent. Are there any way to get user list for each group with wbinfo or any other other tools? What may be the best practice for the aim in paragraph 1? Thank you and Best Regards, -- Oguz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Getting user list from samba for ACLs
Hi, I wondering what needs to be done for UNIX and samba local users to show up in Windows Select Users or Groups dialog when setting ACL on remote samba share directory. Currently pop up window shows up where login/password needs to be provided. I've tried smaba_server_ip\samba_user_login with that users' local password and only system users can be seen: Everyone, SYSTEM, SERVICE etc. Checked on windows 7 and XP pro, AD not set. Samba version: 3.5.10 Samba config: [global] workgroup = JANEK server string = Winterm log file = /mnt/data/logs/samba.%m max log size = 50 load printers = No printcap name = /dev/null disable spoolss = Yes show add printer wizard = No [netdrive] path = /mnt/data valid users = johnx read only = No force create mode = 0770 directory mask = 0770 Any help would be greatly appreciated. -- Best Regards Jan Stepnowski -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Getting a list of users mapped to IP addresses they are logged in from
Thanks for the suggestion. I'm not entirly sure if it will work in this instance though as what I am looking to do is to automatically log the user in to the Wiki's own authentication module [It's mediawiki] At the moment it uses the LDAP exension to support authentication against our ldap DB, and I was hoping to change that to something like if [ remote_ip is logged into the PDC ] user = user that is logged in via remote IP else as normal, show user/pass dialog which then authenticates aginst LDAP I don't think the NTLM auth module would allow that. I guess it would allow access to the actual pages based on if you were logged in to the PDC, but even if you were you would still be logged out from the point of view of mediawiki - unless somehow you can access the NTLM auth module via PHP On Wed, Nov 5, 2008 at 4:20 AM, Michael Heydon [EMAIL PROTECTED]wrote: Didster wrote: We also have a company Wiki remove the need to manually login to the Wiki. Does any one know of a better way? NTLM auth module for apache. Assuming you are using an apache web server. *Michael Heydon - IT Administrator * [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Getting a list of users mapped to IP addresses they are logged in from
A quick Google suggests it's possible. The NTLM module apparently sets a variable with the username. I would suggest checking the mediawiki extensions list on the mediawiki site... Someone might already have done NTLM support. TB Didster wrote: Thanks for the suggestion. I'm not entirly sure if it will work in this instance though as what I am looking to do is to automatically log the user in to the Wiki's own authentication module [It's mediawiki] At the moment it uses the LDAP exension to support authentication against our ldap DB, and I was hoping to change that to something like if [ remote_ip is logged into the PDC ] user = user that is logged in via remote IP else as normal, show user/pass dialog which then authenticates aginst LDAP I don't think the NTLM auth module would allow that. I guess it would allow access to the actual pages based on if you were logged in to the PDC, but even if you were you would still be logged out from the point of view of mediawiki - unless somehow you can access the NTLM auth module via PHP On Wed, Nov 5, 2008 at 4:20 AM, Michael Heydon [EMAIL PROTECTED]wrote: Didster wrote: We also have a company Wiki remove the need to manually login to the Wiki. Does any one know of a better way? NTLM auth module for apache. Assuming you are using an apache web server. *Michael Heydon - IT Administrator * [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] ** This message is intended for the addressee named and may contain privileged information or confidential information or both. If you are not the intended recipient please delete it and notify the sender. ** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Getting a list of users mapped to IP addresses they are logged in from
Hi There, We have a samba setup as a domain controller using a LDAP backend. We also have a BDC setup on a cross-atlantic subnet with LDAP replication and so forth. We also have a company Wiki which at the moment uses the same LDAP database to authenticate users. I am looking for a way to remove the need to manually login to the Wiki. After all, the person has already logged into their machine. Instead, i am trying to find some way of asking Samba who is logged in from IP 1.2.3.4? and using this to determine if they are authenticated to use the Wiki. I have looked at net status sessions and this sort of works. However, it has two problems: 1. Each user has their home share automatically mapped by Samba. But, for speed, each home share is mapped to the machine that serviced the login request - meaning some shares are listed on the PDC and some on the BDC, meaning I would have to query each machine or use a dummy share that was on the PDC only. Could probably work around this, but... 2. For some reason, the machines don't like being left idle. After some period of time, the listings in net status sessions disappear for a given machine. The only way to get them back is to open My Computer on the machine - which seems to reconnect the sessions. I guess this is Windows doing some sort of timeout. Does any one know of a better way? Or is their some magic reg key I can add to the machines to stop them dropping the sessions off? Many thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Getting a list of users mapped to IP addresses they are logged in from
Didster wrote: We also have a company Wiki remove the need to manually login to the Wiki. Does any one know of a better way? NTLM auth module for apache. Assuming you are using an apache web server. *Michael Heydon - IT Administrator * [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Getting a list of users in a group - how?
Hi all, Hopefully this is a simple one - I'm trying to work out how to get a list of users in a certain group. If I have the following set up in Active Directory: Group1 - UserA - UserB Group2 - UserC - UserD AllGroups - Group1 - Group2 - UserX Then I want to be able to say List all users in the AllGroups group and I should get UserA,B,C,D and UserX returned. I'm not sure how to go about this - wbinfo only seems able to return the groups a single user is a member of, and 'getent group' only returns people specifically in that group (i.e. getent group AllGroups only returns UserX, it ignores the nested groups, even if winbind nested groups = yes in smb.conf.) Any ideas how to list *all* the users in a specific group? Thanks, Adam. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Getting a list of users in a group - how?
On Fri, Jun 23, 2006 at 04:01:52PM +1000, Adam Nielsen wrote: Any ideas how to list *all* the users in a specific group? This is not available via winbind yet. It is also low priority for us, because doing this correctly is really a huge mess and not reliably doable anyway. The latter is not our fault, this is what Windows dictates upon us. Volker pgptprk9czkpp.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Getting a list of users in a group - how?
My crude hack at a solution, but it works for me so here goes . . . . . #!/bin/sh # /usr/local/bin/get_grp_mem domain group # # domain sid is derived from: # # wbinfo -n domain account # # S-1-2-33-44-5-6-X User (1) # # domain sid = S-1-2-33-44-5-6 # grpid=`wbinfo -n $1 | sed 's/domain sid-//' | sed 's/ Domain..*//'` for i in `rpcclient -W domain name -U domain account%password -c querygroupmem \ $grpid domain controller | tr -s '\t' ' ' | sed 's/^ rid:\[0x//g' | sed 's/\] attr:\[0x7\]//g'` do wbinfo -s domain sid-`echo ${i} | /usr/local/bin/hex2ascii` done #end-of-script #!/usr/bin/perl -w # /usr/local/bin/hex2ascii # use Term::ANSIColor; $con=hex($ans); print $con\n; #end-of-script - toby bluhm philips medical systems, cleveland ohio [EMAIL PROTECTED] 440-483-5323 Hi all, Hopefully this is a simple one - I'm trying to work out how to get a list of users in a certain group. If I have the following set up in Active Directory: Group1 - UserA - UserB Group2 - UserC - UserD AllGroups - Group1 - Group2 - UserX Then I want to be able to say List all users in the AllGroups group and I should get UserA,B,C,D and UserX returned. I'm not sure how to go about this - wbinfo only seems able to return the groups a single user is a member of, and 'getent group' only returns people specifically in that group (i.e. getent group AllGroups only returns UserX, it ignores the nested groups, even if winbind nested groups = yes in smb.conf.) Any ideas how to list *all* the users in a specific group? Thanks, Adam. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Getting to list
Dominic Iadicicco wrote: Cant seem to get mail to the list. I didn't see your messge either. ;-) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Getting to list
Cant seem to get mail to the list. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Getting a list of all possible smb mounts (and bug report on smbtree)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Message: 36 Date: Sat, 18 Oct 2003 12:26:02 +0200 (CEST) From: Bernhard Rosenkraenzer [EMAIL PROTECTED] Subject: [Samba] Getting a list of all possible smb mounts To: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] Content-Type: TEXT/PLAIN; charset=US-ASCII Hi, I'm currently doing this to get a list of all possible SMB mounts: nmblookup -M -- - [grab list of master browsers] for every master browser: smbclient -L {MASTER BROWSER IP} -U user%pass * Parse everything after Workgroup.*Master to get list of workgroups and workgroup masters for every found workgroup master: smbclient -L {WORKGROUP MASTER IP} -U user%pass * Parse everything between Server.*Comment and Workgroup.*Master to get list of hosts for every found host: smbclient -L {HOST} -U user%pass * Parse everything between Sharename.*Type.*Comment and Server.*Comment to get available mounts This mostly works, but has a couple of problems, such as * smbclient -L some_ip -U user%pass apparently hangs for 10+ minutes if some_ip belongs to a Windoze box with a paranoid firewall [Tried with 2.2.8a, 3.0.0, 3.0.1pre1 and current CVS 3.0 branch] * smbclient -L {WORKGROUP MASTER IP} -U user%pass doesn't always find all machines in the workgroup, and sometimes finds machines that have been turned off ages ago (I know this isn't samba's fault). Is there a better way to get a list of available SMB mounts, or at least a workaround for the long hangs? Have you tried the smbtree program in samba-3.0.0? It seems to be a bit broken in samba-3.0.1pre1 though ... firstly it wants to be able to write to the log directory, and after changing the perms on the log directory, it dies loading codepages: write(1, Adding chars 0x7d 0x0 (l-u = Fa..., 52Adding chars 0x7d 0x0 (l-u = False) (u-l = False) ) = 52 write(1, Adding chars 0x7e 0x0 (l-u = Fa..., 52Adding chars 0x7e 0x0 (l-u = False) (u-l = False) ) = 52 time(NULL) = 1066650666 gettimeofday({1066650666, 501634}, NULL) = 0 stat64(/etc/samba/smb.conf, {st_mode=S_IFREG|0644, st_size=1740, ...}) = 0 open(/etc/samba/smb.conf, O_RDONLY|O_LARGEFILE) = 12 fstat64(12, {st_mode=S_IFREG|0644, st_size=1740, ...}) = 0 read(12, # $Id$\n# Some change\n\n[global]\n ..., 1740) = 1740 close(12) = 0 socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 12 ioctl(12, 0x8912, 0xbfffb0d8) = 0 ioctl(12, 0x8915, 0xbfffb100) = 0 ioctl(12, 0x8913, 0xbfffb100) = 0 ioctl(12, 0x891b, 0xbfffb100) = 0 ioctl(12, 0x8915, 0xbfffb0e0) = 0 ioctl(12, 0x8913, 0xbfffb0e0) = 0 ioctl(12, 0x891b, 0xbfffb0e0) = 0 close(12) = 0 time(NULL) = 1066650666 umask(022) = 022 open(/var/log/samba3/log.smbtree3, O_WRONLY|O_APPEND|O_CREAT|O_LARGEFILE, 0644) = 12 umask(022) = 022 geteuid32() = 501 write(12, [2003/10/20 13:51:06, 6] lib/cha..., 64) = 64 geteuid32() = 501 write(12, codepage_initialise: client co..., 44) = 44 time(NULL) = 1066650666 geteuid32() = 501 write(12, [2003/10/20 13:51:06, 5] lib/cha..., 65) = 65 geteuid32() = 501 write(12, load_client_codepage: loading ..., 44) = 44 - --- SIGSEGV (Segmentation fault) @ 0 (0) --- +++ killed by SIGSEGV +++ Normal (broken) output looks like this on samba-3.0.1pre1: $ smbtree3 Password: WORKGROUP \\ABTCOMPAQ Compaq Laptop \\ABTCOMPAQ\abt mail \\ABTCOMPAQ\IPC$Remote IPC MDKGROUP CAE \\PRINT Samba Server 2.2.8a Adding chars 0x0 0x0 (l-u = False) (u-l = False) Adding chars 0x21 0x0 (l-u = False) (u-l = False) Adding chars 0x23 0x0 (l-u = False) (u-l = False) Adding chars 0x24 0x0 (l-u = False) (u-l = False) Adding chars 0x25 0x0 (l-u = False) (u-l = False) Adding chars 0x26 0x0 (l-u = False) (u-l = False) Adding chars 0x27 0x0 (l-u = False) (u-l = False) Adding chars 0x28 0x0 (l-u = False) (u-l = False) Adding chars 0x29 0x0 (l-u = False) (u-l = False) Adding chars 0x2d 0x0 (l-u = False) (u-l = False) Adding chars 0x2e 0x0 (l-u = False) (u-l = False) Adding chars 0x30 0x0 (l-u = False) (u-l = False) Adding chars 0x31 0x0 (l-u = False) (u-l = False) Adding chars 0x32 0x0 (l-u = False) (u-l = False) Adding chars 0x33 0x0 (l-u = False) (u-l = False) Adding chars 0x34 0x0 (l-u = False) (u-l = False) Adding chars 0x35 0x0 (l-u = False) (u-l = False) Adding chars 0x36 0x0 (l-u = False) (u-l = False) Adding chars 0x37 0x0 (l-u = False) (u-l = False) Adding chars 0x38 0x0 (l-u = False) (u-l = False) Adding chars 0x39 0x0 (l-u = False) (u-l = False) Adding chars 0x40 0x0 (l-u = False) (u-l
Re: [Samba] Getting a list of all possible smb mounts (and bug report on smbtree)
On Mon, 20 Oct 2003, Buchan Milne wrote: It seems to be a bit broken in samba-3.0.1pre1 though ... firstly it wants to be able to write to the log directory, and after changing the perms on the log directory, it dies loading codepages: Buchan, I just tried this with CVS checkout from 8 hours ago and it works fine on SuSE 8.2. [EMAIL PROTECTED]:~ smbtree -Ujht Password: MIDEARTH \\FRODO Samba3 \\FRODO\jht Home Directories \\FRODO\raw raw \\FRODO\photo Hewlett-Packard PhotoSmart P1000 \\FRODO\normal_gray Hewlett-Packard PhotoSmart P1000 \\FRODO\normal Hewlett-Packard PhotoSmart P1000 \\FRODO\lp lp \\FRODO\high_gray Hewlett-Packard PhotoSmart P1000 \\FRODO\highHewlett-Packard PhotoSmart P1000 \\FRODO\draft_gray Hewlett-Packard PhotoSmart P1000 \\FRODO\draft Hewlett-Packard PhotoSmart P1000 \\FRODO\ADMIN$ IPC Service (Samba3) \\FRODO\IPC$IPC Service (Samba3) \\FRODO\cdr CDR Production Files \\FRODO\dataData Stuff \\FRODO\media Public Stuff \\FRODO\ProfilesRoaming Profile Share \\FRODO\print$ Printer Drivers Share [EMAIL PROTECTED]:~ smbtree -V Version CVS 3.0.1pre2 I'm not sure what the problem might be at your end as I can not reproduce the failure. Anyone else having problems with smbtree? - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Getting a list of all possible smb mounts
Hi, I'm currently doing this to get a list of all possible SMB mounts: nmblookup -M -- - [grab list of master browsers] for every master browser: smbclient -L {MASTER BROWSER IP} -U user%pass * Parse everything after Workgroup.*Master to get list of workgroups and workgroup masters for every found workgroup master: smbclient -L {WORKGROUP MASTER IP} -U user%pass * Parse everything between Server.*Comment and Workgroup.*Master to get list of hosts for every found host: smbclient -L {HOST} -U user%pass * Parse everything between Sharename.*Type.*Comment and Server.*Comment to get available mounts This mostly works, but has a couple of problems, such as * smbclient -L some_ip -U user%pass apparently hangs for 10+ minutes if some_ip belongs to a Windoze box with a paranoid firewall [Tried with 2.2.8a, 3.0.0, 3.0.1pre1 and current CVS 3.0 branch] * smbclient -L {WORKGROUP MASTER IP} -U user%pass doesn't always find all machines in the workgroup, and sometimes finds machines that have been turned off ages ago (I know this isn't samba's fault). Is there a better way to get a list of available SMB mounts, or at least a workaround for the long hangs? LLaP bero -- Ark Linux - Linux for the masses http://www.arklinux.org/ Redistribution and processing of this message is subject to http://www.arklinux.org/terms.php -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba